Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conduit/controller/PhabricatorConduitAPIController.php
| Show First 20 Lines • Show All 255 Lines • ▼ Show 20 Lines | if ($auth_type === ConduitClient::AUTH_ASYMMETRIC) { | ||||
| 'trusted keys can be used to sign API calls.'), | 'trusted keys can be used to sign API calls.'), | ||||
| ); | ); | ||||
| } | } | ||||
| if (!PhabricatorEnv::isClusterRemoteAddress()) { | if (!PhabricatorEnv::isClusterRemoteAddress()) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht( | pht( | ||||
| 'This request originates from outside of the Phabricator '. | 'This request originates from outside of the %s '. | ||||
| 'cluster address range. Requests signed with trusted '. | 'cluster address range. Requests signed with trusted '. | ||||
| 'device keys must originate from within the cluster.'), | 'device keys must originate from within the cluster.', | ||||
| PhabricatorPlatformSite::getName()), | |||||
| ); | ); | ||||
| } | } | ||||
| $user = PhabricatorUser::getOmnipotentUser(); | $user = PhabricatorUser::getOmnipotentUser(); | ||||
| // Flag this as an intracluster request. | // Flag this as an intracluster request. | ||||
| $api_request->setIsClusterRequest(true); | $api_request->setIsClusterRequest(true); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 84 Lines • ▼ Show 20 Lines | if (strlen($token_string)) { | ||||
| // If this is a "clr-" token, Phabricator must be configured in cluster | // If this is a "clr-" token, Phabricator must be configured in cluster | ||||
| // mode and the remote address must be a cluster node. | // mode and the remote address must be a cluster node. | ||||
| if ($token->getTokenType() == PhabricatorConduitToken::TYPE_CLUSTER) { | if ($token->getTokenType() == PhabricatorConduitToken::TYPE_CLUSTER) { | ||||
| if (!PhabricatorEnv::isClusterRemoteAddress()) { | if (!PhabricatorEnv::isClusterRemoteAddress()) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht( | pht( | ||||
| 'This request originates from outside of the Phabricator '. | 'This request originates from outside of the %s '. | ||||
| 'cluster address range. Requests signed with cluster API '. | 'cluster address range. Requests signed with cluster API '. | ||||
| 'tokens must originate from within the cluster.'), | 'tokens must originate from within the cluster.', | ||||
| PhabricatorPlatformSite::getName()), | |||||
| ); | ); | ||||
| } | } | ||||
| // Flag this as an intracluster request. | // Flag this as an intracluster request. | ||||
| $api_request->setIsClusterRequest(true); | $api_request->setIsClusterRequest(true); | ||||
| } | } | ||||
| $user = $token->getObject(); | $user = $token->getObject(); | ||||
| ▲ Show 20 Lines • Show All 378 Lines • Show Last 20 Lines | |||||
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0